DeASPack 2.11
~~~~~~~~~~~~~

Due to the response about my little lame unpacker about files compressed with
ASPack 2.11 I decided to release it to the public before implementing all
features.

Intro
~~~~~
Decrypt the polymorph layer of the ASPack 2.11 packed files and decompress
them. No resources rebuilding is done so the ASPack section will be kept in
the output file to make the file run OK (not giving error while loading icon
resource) and first icon group and version info will be available too. 

Supported ASPack versions
~~~~~~~~~~~~~~~~~~~~~~~~~
Due to the fact there are many ASPack versions with thousands of subversions
this unpacker probably will fail unpacking most of compressed with ASPack
v2.11 files. It has been tested only with these versions:

- ASPack 2.11 registered by SAC/UG2000 downloaded from Aaron's site
  (www.exetools.com)
- ASPack 2.11 unregistered downloaded from playtools.cjb.net on 12-15-2000

Technical notes
~~~~~~~~~~~~~~~
ASPack 2.11 now uses a little polymorph engine that stops most known unpackers
from detecting it. The same polymorph engine is used in ASProtect 1.1 and
according to SAC/UG2000 this engine is first written in the Margburg virus
coded by GriYo/29A. I don't know if this is true but ASPack 2.11 engine can
be defeated by using lame try&compare method because the decryption key is
static for every decrypted byte/dword. I found only byte/dwords decrypting
in the polymorph layer (ASPack doesn't use slow polymorph to hide
different mutations so the analize can be done by simply packing several files
at single session ;). Finding non-sliding key is easy by using known values
of the decrypted ASPack layer and in this unpacker is implemented this kind
of recognition. Probably if I have more time these days I will code pure
emulator for this engine which will defeat it on different versions
(=different code of decrypted layer) of ASPack and ASProtect.

After decrypting the ASPack layer a normal decompression is done of all
compressed sections. This part is just a rip and little win32asm conversion
from the bane's/DTG unaspack source. Probably with few changes his unpacker
can be done to support all existent versions of ASPack but I dont have the
DOS extender he uses so I have done a win32asm version for this specific
version.

BTW I will be glad to see decrypting of the polymorph layer in BiWeiGuo's
unAsPack and support of the newer versions of this great compressor. His
unpacker supports most ASPack versions I have ever seen.

Usage
~~~~~
Start the unpacker, select the packed file in the shown dialog box and if it
is successfully decompressed the result file is OUT.EXE. There are not shown
error messages because it is not fully finished.

To do
~~~~~
- resource rebuilding (as for all my unpackers)
- better PE reconstructing
- support for other ASPack versions that are unsupported by other unpackers
  (probably impossible because I will not have any time to code in the near
  future)
- emulator for the polymorph layer (the most interesting part)

Greetings
~~~~~~~~~
Everyone :)

Special greets:
~~~~~~~~~~~~~~~
Alexey Solodovnikov, bane/DTG, all TMG, UG2000, AOI members, all #win32asm
dudes :)

Best regards,
Unknown One/[TMG]